Manuals / TP-Link / Computer Equipment / Switch

TP-Link TL-SG3424P manual Port Security, Egress

Models: TL-SG3424P

1 292

Download 292 pages 57.62 Kb

Page 56

Egress:	Select Enable/Disable the Egress feature. When the Egress is
	enabled, the outgoing packets sent by the mirrored port will be
	copied to the mirroring port.
LAG:	Displays the LAG number which the port belongs to. The LAG
	member cannot be selected as the mirrored port or mirroring
	port.
Note:

1.The LAG member cannot be selected as the mirrored port or mirroring port.

2.A port cannot be set as the mirrored port and the mirroring port simultaneously.

3.The Port Mirror function can span the multiple VLANs.

5.1.3 Port Security

MAC Address Table maintains the mapping relationship between the port and the MAC address of the connected device, which is the base of the packet forwarding. The capacity of MAC Address Table is fixed. MAC Address Attack is the attack method that the attacker takes to obtain the network information illegally. The attacker uses tools to generate the cheating MAC address and quickly occupy the MAC Address Table. When the MAC Address Table is full, the switch will broadcast the packets to all the ports. At this moment, the attacker can obtain the network information via various sniffers and attacks. When the MAC Address Table is full, the packets traffic will flood to all the ports, which results in overload, lower speed, packets drop and even breakdown of the system.

Port Security is to protect the switch from the malicious MAC Address Attack by limiting the maximum number of MAC addresses that can be learned on the port. The port with Port Security feature enabled will learn the MAC address dynamically. When the learned MAC address number reaches the maximum, the port will stop learning. Thereafter, the other devices with the MAC address unlearned cannot access to the network via this port.

46

Image 56

TP-Link TL-SG3424P manual Port Security, Egress

Contents

JetStream L2 Managed Switch REV3.0.0 1910011091Copyright & Trademarks FCC Statement Safety Information Contents Gvrp 101 142 NDP Ntdp Tracert 258 Package Contents About This Guide Intended ReadersConventions Overview of This GuideLogin to the Switch QoS Appendix a Specifications Introduction Overview of the SwitchMain Features Appearance Description Front Panel LEDs Name Status IndicationRear Panel Rear PanelReturn to Contents Configuration Login to the SwitchLogin Return to Contents System System InfoSystem Summary  Port Status Port Info PortType SpeedDevice Description System Time Bandwidth Utilization  Device DescriptionDaylight Saving Time  DST Config Predefined ModeRecurring Mode Date Mode IP Config System IP IPv6 features System IPv6 Introduction to IPv6 address Page Global unicast address Link-local addressAddress Resolution  IPv6 Neighbor DiscoveryNeighbor Reachability Detection Duplicate Address DetectionPage  Global Config  Link-local Address ConfigIPv6 Link-local AddressEnable global Global AddressPrefix Length PreferredUser Table User ConfigUser Management User ID, Name, Access Level and status Operation  User InfoUser Status  User TableConfig Restore Config Backup Config Restore System ToolsFirmware Upgrade  Config BackupAccess Security System RebootSystem Reset Access ControlMAC Address  Access Control ConfigIP Address & Mask SSL Config  Session Config Access User Number Number Control Admin NumberSSH Config  Certificate Download Key Download Key FileMax Connect Idle TimeoutProtocol  Configuration Procedure Key TypeDownload  Network RequirementsApplication Example 2 for SSH Page Page Return to Contents Switching Port ConfigPort Port SelectPort Mirror DescriptionSpeed and Duplex Flow Control Mirror Group List  Mirror Group Number Mirroring Port  Mirrored PortPort Security EgressLearn Mode  Port SecurityMax Learned MAC Learned Num Port Isolation Config Port IsolationLoopback Detection  Port Isolation ListLAG LAG Table LAG TableStatic LAG Hash Algorithm LAG Table Group NumberLAG will delete this LAG Lacp Config LAG Config Lacp Config Following entries are displayed on this screen  Lacp ConfigAdmin Key Traffic MonitorTraffic Summary Port PriorityPackets Rx Packets TxOctets Rx Octets TxStatistics of the corresponding port Traffic Statistics Statistics Port MAC Address Address Table  Search OptionMAC Address Displays the MAC address learned by the switch Static Address Address Table Displays the corresponding Vlan ID of the MAC addressDynamic Address  Static Address Table Aging Config Bind Filtering Address Dynamic Address Table  Create Filtering Address  Filtering Address TableReturn to Contents Vlan 802.1Q Vlan  Link Types of ports Pvid Vlan Config  Vlan TableVlan ID Select ： Select： Vlan Config Enter the ID number of VlanIs valid or not  Vlan MembersEgress Rule  Vlan Port ConfigLink Type Required. On the VLAN→802.1Q VLAN→Port Config page, set Required. On the VLAN→802.1Q VLAN→VLAN Config Vlan of Port Vlan NameOptional. On the VLAN→802.1Q VLAN→VLAN Config MAC VlanMAC Select Protocol Vlan MAC Vlan Table  Encapsulation Format of Ethernet Data 802.3 raw 802.2 LLC Snap Protocol Protocol Group Table Protocol GroupVlan packets are processed in the following way  Protocol Group Table Protocol Group Member  Protocol Group ConfigProtocol Template Application Example for 802.1Q Vlan  Network Diagram  Configuration Procedure Required. On VLAN→802.1Q Vlan →Port Config page, configureRequired. On VLAN→802.1Q VLAN→VLAN Config page, create a Operation DescriptionApplication Example for MAC Vlan Application Example for Protocol Vlan Vlan with its Vlan ID as 10, owning Port 12 and Port 13, Required. On Vlan →Protocol Vlan →Protocol Template On Vlan →Protocol Vlan →Protocol Group page, create protocol Gvrp Select Port Status Registration Mode GvrpConfiguration Procedure Spanning Tree  STP Elements STP Timers Hello Time  STP GenerationStep Operation Tips： Rstp Elements  Mstp Elements Port States  Port RolesSTP Config STP ConfigForward Delay VersionHello Time Max AgeSTP Summary Port Config STP SummaryPriority ExtPathIntPath Edge PortPort Status Region ConfigMstp Instance Instance Config  Region ConfigClear  Instance TableInstance Instance Port Config  VLAN-Instance MappingPort Role Instance IDPath Cost STP Security Port Protect Bpdu Filter  Port ProtectApplication Example for STP Function TC ProtectOn Spanning Tree→STP Config→STP Config On Spanning Tree→STP Config→Port ConfigOn Spanning Tree→MSTP Instance→Region Config On Spanning Tree→MSTP Instance→InstanceOn Spanning Tree→MSTP Instance→Region  Configure Switch D  Suggestion for Configuration Multicast  Multicast Overview IPv6 Multicast Address  IPv4 Multicast AddressMulticast IP address range Description 112 113 Igmp Snooping  Igmp Snooping Fundamentals Description Displays Igmp Snooping status Member Snooping Config Igmp Snooping Status Router Port Time Member Port TimeLeave Time Static Router PortsMulticast→IGMP Snooping→Snooping Config and Port ConfigMulticast→IGMP Snooping→VLAN Config IP-Range Multicast Vlan IP Range IDStart Multicast IP End Multicast IP Multicast Vlan Multicast→IGMP Snooping→Multicast Vlan On the Multicast→IGMP Snooping→Snooping ConfigVlan Snooping→Port Config Snooping→Snooping ConfigStatic Multicast IP VLAN→802.1Q VlanPacket Statistics  Create Static Multicast Static Multicast IP Table Multicast IP Igmp Statistics MLD Snooping  MLD Snooping FundamentalsGlobal Config  MLD Snooping ProcessMLD Snooping Report MessageSuppression Unknown MulticastMulticast Vlan Multicast Vlan IDRequired. On the Multicast →MLD Snooping →Global Required. On the Multicast →MLD Snooping →VLANEnter the Vlan ID you want to configure Router Port AgingNot be aged Select Select the Vlan ID you want to changeFilter Config Filter Config Filter IDDynamic Router Ports ：Filter IDs Filter ModeStatic Multicast Querier Config  Static Multicast ConfigEnter the Vlan ID Multicast IP Enter the multicast IP address Member PortsQuerier Config Maximum ResponseQuery Interval Query Source IPReport Switch has received Received MLDv2 Report Switch has received Received MLD DoneAuto Fresh Fresh PeriodMulticast Table 1 IPv4 Multicast TableMulticast IP Displays multicast IP address Displays the Vlan ID of the multicast group2 IPv6 Multicast Table Multicast IP Displays the multicast IPForward Ports Type Displays the type of the group QoS  Priority ModeQoS  Schedule Mode 802.1Q frameSP-Mode  Port Priority Config DiffServPort Priority Displays the LAG number which the port belongs toRequired. On QoS→DiffServ→Schedule Mode Dscp PriorityRequired. On QoS→DiffServ→Port Priority Required. On QoS→DiffServ→802.1P/CoS mapping Dscp Priority Config 3 802.1P/CoS mapping Priority Level Required. On QoS→DiffServ→DSCP Priority Schedule Mode Config Schedule Mode Priority and CoS-mapping Config Bandwidth Control Rate Limit Rate Limit Config Storm ControlIngress Rate bps Egress Ratebps Storm Control Config Port Broadcast Rate bpsMulticast Rate BpsNumber OUI Address Vendor  Port Voice Vlan ModeVoice Vlan  Security Mode of Voice Vlan Security Packet Type Processing ModeVoice Vlan Select Enable/Disable Voice Vlan function Enter the Vlan ID of the voice VlanAging Time OUI address is aging outPort Mode 13 Port ConfigOUI Config Required. On QoS→Voice VLAN→Global Config Required. On VLAN→802.1Q VLAN→Port ConfigRequired. On VLAN→802.1Q VLAN→Port Config page, click PoE Config PoE Composition  AdvantagePoE Config PoE Profile PoE Time-Range Time-Range Summary Create PoE Profile  PoE ProfilePoE Time-Range Create PoE Holiday Config Holiday Name Displays the name of the holiday Start Date Detail ACLTime-Range Time-Range Create Holiday Holiday Table ACL ConfigHoliday Config ACL Summary ACL Create Create ACL Enter ACL ID of the ACL you want to createMAC ACL Rule IDEtherType User PriorityStandard-IP ACL Extend-IP ACL Create Standard-IP ACL MaskTCP Flag  Create Extend-IP ACLIP Protocol Policy Create Policy ConfigPolicy Summary  Create Action Action Create Create Policy  Policy Bind Table Policy BindingBinding Table  Port-Bind Config Port BindingVlan Binding Direction Displays the binding direction VLAN-Bind Config Application Example for ACLEnter the ID of the Vlan you want to bind  VLAN-Bind TableOn ACL→ACL Config→ACL Create page, create ACL On ACL→ACL Config→Standard-IP ACL page, select ACL Network Security IP-MAC BindingSource Host NameIP Address Protect TypeManual Binding Protect Type Select the Protect Type for the entryDisplays the Vlan ID here Port Displays the number of port connected to the HostARP Scanning Dhcp Snooping  Scanning OptionEnd IP Address ScanNetwork diagram for DHCP-snooping implementation  Dhcp Working Principle Option Dhcp Cheating Attack Implementation Procedure  Dhcp Cheating Attack183 Select Port Trusted Port MAC Verify Flow Control Decline Flow ControlCustomization Circuit ID Remote ID  Cheating Gateway ARP Inspection Imitating Gateway 10 ARP Attack Cheating Gateway  Cheating Terminal Hosts Man-In-The-Middle Attack  ARP Flooding Attack ARP Detect  ARP DetectARP Detect  Trusted PortNetwork Security→ARP ARP DefendRequired. On the Network Security→IP-MAC ARP Statistics  ARP DefendDefend Current SpeedDoS Defend  Illegal ARP PacketDoS Attack Type Description  Configure 12.4 Defend Table Defend Type Displays the Defend Type name Architecture of 802.1X Authentication  The Mechanism of an 802.1X Authentication System 802.1X Authentication Procedure 19 PAP Authentication Procedure  802.1X Timer  Guest VlanAuthentication Method 802.1XGuest Vlan Guest Vlan IDSupplicant Timeout Server TimeoutQuiet Period Retry TimesControl Mode Radius ServerControl Type AuthorizedAuthentication Port Key Modify Authentication KEYPrimary IP Secondary IPRequired. On the Network Security→802.1X→Port Snmp  Snmp Overview Snmp Management Frame  Snmp Versions Snmp Configuration Outline 1. Create View  MIB Introduction Remote Engine Snmp Config Local Engine Snmp View MIB Object IDView Type View Name Group Config Snmp GroupSnmp User  Group TableAuth Mode Auth PasswordPrivacy Mode User NameSnmp Community Privacy Password Community Config Community Name AccessMIB View On the SNMP→SNMP Config→SNMP NotificationIP Mode TimeoutUDP Port UserRmon  Notification Table Rmon Group Rmon Group Function History Control Table Event ConfigHistory Control Alarm Config  Event TableVariable Sample TypeRising Threshold Rising EventFalling When the sampled value is under the Falling Cluster  Cluster Role Introduction to Cluster 14.1 NDPNeighbor Info  Neighbor Info NDP Summary Neighbor  Port Status Displays the port number of the switch NDPDetail ： NDP ConfigEnable Disable NtdpDevice Table  Device TableNtdp Summary RoleHops Neighbor InfoPort Displays the port number of the switch Ntdp Summary Following entries are displayed on this screenNtdp Config Ntdp Hop DelayNtdp Port Delay Ntdp Interval TimeCluster Cluster Summary Global ClusterCluster Config  Global Config Cluster Current Role  Role Change14 Cluster Configuration for Individual Switch Application Example for Cluster Function Network Diagram On Cluster→NDP→NDP Config page, enable NDPOn Cluster→NTDP→NTDP Config page, enable On Cluster→Cluster→Cluster Config page, configureOn Cluster→Cluster→Member Config page, select Or On Cluster→Cluster→Cluster TopologyLldp  Lldpdu Format TLV Organizationally Specific TLV TLV type TLV Name Description UsageBasic Management TLV Configuration/Status TLV Power Via MDI TLVTLV Type Description Port Description TLV System Capabilities TLVBasic Config Lldp Lldp Port Config Lldp Port ConfigDevice Info Local InfoDevice Statistics  Local Info Global Statistics Lldp Statistic InformationErrors Transmit TotalReceive Total DiscardsExtended Power-Via-MDI TLV  LLDP-MED Parameters ConfigTLV Type Function Location Identification TLV Inventory TLV LLDP-MED Port Config LLDP-MED Port Configuration Included TLVs  Location Identification ParametersEmergency Civic AddressLLDP-MED Local Information LLDP-MED Neighbor Information CPU Monitor MaintenanceSystem Monitor Level Description 16.2 LogMemory Monitor Content Log Table Log Info Module253  Local Log Config Local LogRemote Log Log BufferHost IP Backup Log Log Host Device Diagnostics ErrorCable Test PairPing Network Diagnostics Ping Config  Tracert Config TracertAppendix a Specifications StandardsTransmission Rate Transmission MediumOperating Environment Appendix B Configuring the PCs Figure B-1Figure B-3 263 264 Now Configure the Hyper Terminal Appendix C Load Software Using FTPHardware Installation 267 Download Firmware via bootUtil menu Figure C-5 Port SettingsTP-LINK upgrade You can only use the port 1 to upgrade Are you sure to upgrade the firmwareY/N y270 Installation Guide Appendix D 802.1X Client Software272 273 Uninstall Software Figure D-7 InstallShield Wizard CompleteConfiguration Figure D-11 Uninstall Complete276 FAQ Figure D-16 Connection Status278 Appendix E Glossary Multicast Switching Generic Multicast Registration Protocol GmrpGroup Attribute Registration Protocol Garp Ieee 802.1DPort Authentication Remote Authentication Dial-in User Service RadiusLayer Link AggregationSecure Shell SSH Simple Network Management Protocol SnmpSimple Network Time Protocol Sntp Spanning Tree Algorithm STA